IBM Security Access Manager for Enterprise Single Sign-On, Version 8.2.2

Smart card authentication

IBM® Security Access Manager for Enterprise Single Sign-On supports the use of smart cards for user authentication in both personal and shared workstations.

Important:

See Kerberos authentication to evaluate and verify that your workstation meets the requirements and compatibilities to set up Kerberos authentication.

Do one of the following:
  • If your workstation is compatible, it is recommended that you set up Kerberos authentication.
  • If your workstation is not compatible, see Strong authentication for the different authentication devices that can secure a session.

How it works

Users can log on, lock, and unlock AccessAgent with smart card and PIN only. Insert the smart card into the smart card reader and provide the smart card PIN when prompted.
Note: The smart card PIN is not related to the ISAM ESSO password. IBM Security Access Manager for Enterprise Single Sign-On does not manage and reset the smart card PIN.

To use smart card authentication, register the smart card as a secondary authentication factor.

Note:

If there are other software on the computer that provide smart card authentication features, they can conflict with the AccessAgent smart card authentication feature.

AccessAgent cannot detect if there are other software with smart card filters. A user can log on with a smart card to Windows by using other software, but the user is not automatically logged on to AccessAgent.

Parent topic: Planning for authentication factors

Feedback